557 Open source projects that are alternatives of or similar to Xss Payload List

🎯 SQL Injection Payload List

🎯 Server Side Template Injection Payloads

🎯 RFI/LFI Payload List

Awesome XSS stuff

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

XSS Payload without Anything.

🎯 XML External Entity (XXE) Injection Payload List

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A few SQL and XSS attack tools

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Toolset for detecting reflected xss in websites

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Most advanced XSS scanner.

Git All the Payloads! A collection of web attack payloads.

🎯 Open Redirect Payload List

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

A tool to check a bunch of URLs that contain reflecting params.

Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

Simple and lightweight library that helps to validate SVG files in security manners.

Deliberately vulnerable scripts for Web Security training

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

No description or website provided.

Automating XSS using Bash

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

Automated XSS Finder

A web application for generating custom XSS payloads

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

XSS in pastebin.com and reddit.com via unsanitized markdown output

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

Powerful dork searcher and vulnerability scanner for windows platform

Make XSS Great Again

A container repository for my public web hacks!

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Top disclosed reports from HackerOne

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A big list of Android Hackerone disclosed reports and other resources.

Powerfull XSS Scanning and Parameter analysis tool&gem

Cross-site scripting labs for web application security enthusiasts

A fast DOM based XSS vulnerability scanner with simplicity.

🎯 Command Injection Payload List

Hacking tools

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Penetration tests guide based on OWASP including test cases, resources and examples.

All about bug bounty (bypasses, payloads, and etc)

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim